Re: [Exim] TARPIT ACL - for Spam Control

Marc Perkel wrote:

> I'd like to propose a new feature to be added to Exim as part of ACLs.
> In addition to ACCEPT and DENY I'd like to see TARPIT which is to accept
> - but to do so at a very slow rate. And - there would have to be other
> commands to define what a slow rate means.

So.. that's easy enough with delay = these days.

Now I had a different idea based on the fact that sending spam is cheaper than
handling the mail for the receiver.

Delaying/tarpitting makes sending a bit more expensive. But it being just an
open conection means it doesn't help a lot. But it can limit the amount of mail
getting into your system if you set a limit on simultaneous connections per IP.

Now, if we would send a lot of continuation lines in the response, for every
RCPT, the session would use real resources for the spammer. The current
situation is perhaps 60 bytes per recipient. We could raise that to 1200 bytes.

A dial-up spammer would drop from sending 100 mails per second to 5 mails per
second.

Of course it is pretty inelegant. But it could be a suitable resonse for hosts
one a dynamic IP list if you do not want to totally block them, and think
delaying alone is not effective enough. Just because it raises the effort for
non legitimate mail more than it is for real mail.

And it only helps in cases where the spammer bandwidth is limited, and the
victim has soem bandwidth to spare. That means it would work for large ISPs.

BTW while setting up tarpitting I've noticed that using message = in a deny
statement does not give anything back in the SMTP session. Any way around that?
It would at least be nice to send some indication why our mail server seems so slow.



Thomas